Malware Triangle

Norman L. DeForest

[alt.privacy.spyware removed, not carried here]

On Sun, 5 Dec 2004, kurt wismer wrote:

> cquirke (MVP Win9x) wrote:
> [snip]
> > For our purposes (malware theory), what matters is:
> >
> > a) Is program material within file "run" when file is "opened"?
> >
> > b) If so, is what it can do limited to the scope of that file alone?

> it would be nice if these evaluated to the same results on all
> systems... unfortunately they don't, so users will have to make these
> determinations on a case by case basis depending not only on the 'data'
> in question, but also on the environment...
>
> > If Yes and No, the file should be considered "program".

> and this can be especially problematic as *all* data 'types' have a
> non-zero probability of triggering the execution of embedded
> (legitimately or otherwise) code when read by some reader or another...
> so the argument could be made to consider all files as programs...
> personally i find that a little extreme...
> [snip]
> > For this reason, I would prefer *any* sort of macro/scripting to be
> > held within separate files that are identifiable as such, and/or to be
> > never automatically interpreted when a "data" file is "opened".

> the age old (and very sensible) separation of code and data... if only
> we (the human race) had followed that doctrine...

To indicate the stupidity of Microsoft failing to follow that doctrine....

If an executable file is dragged and dropped into a document being edited
by Word and then the part of the document that contains the executable
and, perhaps, some surrounding text is selected and the selected area is
dragged to the Windows desktop and dropped there, you now have a scrap
file with an embedded executable.

If you do the same thing with a MIDI file as you did with the executable,
you now have another scrap file with an embedded MIDI file.

Now comes the stupidity.

If I double-click on the scrap file with the embedded MIDI file, it is
opened with Word. If I then double-click on the embedded MIDI file,
Windows pops up a warning dialogue box and asks me if I really want to
do something that could pose a danger to the system.

However, if I double-click on the scrap file with the embedded executable,
then Windows immediately runs the executable with no warning, prompt,
request for confirmation or any other safety check whatsoever.

What's wrong with this picture?

Norman De Forest Removed) [=||=] (A Speech Friendly Site)
"O'Reilly is to a system administrator as a shoulder length latex glove
is to a veterinarian." -- Peter da Silva in the scary devil monastery
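
Added example (not part of the original post or thread): a defensive triage sketch in Python that applies the thread's "program or data" test to scrap-style container files such as the ones described above. It assumes scrap files (`.shs`/`.shb`) are stored as OLE compound files and uses a contiguous byte scan for a PE header, which is a heuristic; the function names and the sample bytes are constructed for illustration.

```python
import struct
from pathlib import Path

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file signature
SCRAP_EXTS = {".shs", ".shb"}                  # shell scrap file extensions


def find_embedded_pe(data: bytes) -> list[int]:
    """Return offsets where a plausible PE image starts inside data.

    Heuristic: a compound file may split a stream across non-adjacent
    sectors, so a fragmented executable can be missed by this scan.
    """
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            # e_lfanew at 0x3C of the DOS header points at the "PE\0\0" signature
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe = pos + e_lfanew
            if 0x40 <= e_lfanew < 0x1000 and data[pe:pe + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits


def triage(name: str, data: bytes) -> str:
    """Classify one file: a container carrying a PE image counts as 'program'."""
    is_container = (Path(name).suffix.lower() in SCRAP_EXTS
                    or data.startswith(OLE_MAGIC))
    if not is_container:
        return "not-a-container"
    return "program" if find_embedded_pe(data) else "data"


# Constructed sample bytes (not real scrap files): an OLE signature, padding,
# then either a minimal DOS/PE header stub or a MIDI header chunk.
PE_STUB = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)
           + b"\0" * 0x40 + b"PE\0\0")
EXE_SCRAP = OLE_MAGIC + b"\0" * 504 + PE_STUB
MIDI_SCRAP = OLE_MAGIC + b"\0" * 504 + b"MThd\0\0\0\x06"

if __name__ == "__main__":
    for name, blob in [("tool.shs", EXE_SCRAP), ("song.shs", MIDI_SCRAP)]:
        print(name, triage(name, blob), find_embedded_pe(blob))
```
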
